Quit Selling Out Your Friends
Your contact list should be sacred. Don’t just give it away to anyone who asks for it.
This one goes out to my aunt (A.S.), though she doesn’t know why yet. She, and you all, are about to find out.
What am I suggesting and why?
Revoke contact access to any app that doesn’t need it, and delete the contacts that you may have already shared with them.
If you give an app access to your contacts, you’re not only giving your own stuff away, you’re also selling out all your friends. This is a risky business for both privacy and security reasons — this part’s for you A.S. — because once that list is out there/sold/accessible/you name it, it can also be used pretty easily for phishing.
Phishing, if you’re unfamiliar, is the practice of trying to get information or an action out of someone by pretending to be someone that person would trust. A.S. may not even know it yet, but someone is currently using her name to phish her contacts list via email.
So let’s revoke some access, shall we?
You in? Let’s go!
Before we dive in, let’s talk quickly about who/what should have access to your contacts. Generally speaking, if you are using a communication app (like WhatsApp, phone, Messenger, email, etc.) it’s sort of inevitable that you’ll need to share your contact list with them.
For pre-installed apps like the phone and your email, this may be shared by default, but honestly, every app should ask for permission. Outside of those, I don’t generally share contacts if prompted, it’s not necessary for most apps, and if you remove access and later find that it is necessary, just give it permission again. No biggie.
Another quick distinction I want to make is you may have already given access to your contacts, and turning off that access doesn’t necessarily remove those contacts from that service. I’ll give an example in a minute, but I just want to be clear: you may need to revoke the access, and then actually remove the contacts from the app/service.
Ok now I’m done, let’s go.
iPhone
Make sure you read step 5 before you complete step 4… I know it’s weird, I’m not perfect!
- Open Settings.
- Select Privacy & Security.
- Select Contacts.
- These are all the apps that have access to your contacts. Turn off any that don’t need contacts access to function. You’ll have to use your own discretion here, but really think about if that app needs to know who you know.
- I recommend making a note of the apps that you turn off since you may need to go and delete your contacts from those apps also (remember, I mentioned this could be a two-parter — revoking access is not the same thing as removing your contacts list).
Android
Make sure you read step 6 before you complete step 5… I know it’s weird, I’m not perfect!
- Open Settings.
- Select Privacy.
- Select Permission manager.
- Select Contacts.
- All the apps under “Allowed” have access to your contacts. Turn off any that don’t need contacts access to function — tap on the app you want to revoke access from, then tap Don’t allow. You’ll have to use your own discretion here, but really think about if that app needs to know who you know.
- I recommend making a note of the apps that you turn off since you may need to go and delete your contacts from those apps also (remember, I mentioned this could be a two-parter — revoking access is not the same thing as removing your contacts list).
After removing access, you might still need to remove your previously uploaded contacts…
Once you’ve gone through your apps and revoked access, go into those apps and find the app settings (you might look for a 3-dot menu, a 3-line menu, a settings icon, or check your user profile).
Here, look for a privacy section. You’re likely to find one in just about every app that asks for access to your data, but you may have to dig for it. If there’s a function to delete contacts that were previously uploaded, delete them.
I’ll walk you through an example with TikTok because don’t give your contacts to TikTok, but most apps follow a similar process:
- Open TikTok.
- Tap Profile at the bottom of the screen.
- Tap the three-line menu at the top right of your profile page. A small menu will pop up from the bottom of the screen.
- Tap Settings and privacy.
- Tap Privacy.
- Tap Sync contacts and Facebook friends.
- Make sure the Toggle is turned off next to Sync contacts and Sync Facebook friends. It should be off already if you turned it off in the previous steps.
- Select Remove previously synced contacts. Approve the removal if prompted.
- Select Remove previously synced Facebook friends. Approve the removal if prompted.
Don’t Allow Access in the Future
When you return to some of these apps or download new apps, you may see a prompt asking you for access to your Contacts. Err on the side of saying “Don’t Allow” unless you’re absolutely sure you need this app to access your contacts.
So, what can A.S. do?
It’s always a good idea when your contact list is targeted to make sure your email account hasn’t been compromised — this is a common method for stealing a contact list. In this case, I don’t think her email was hacked, but we always want to check there first.
If the list was sold or permission was given to a nefarious app developer, unfortunately, there’s not much to be done for it. The list is already out there. It wouldn’t be a bad idea for her to let her contacts know that someone is pretending to be her, and perhaps advise them not to click on anything in emails that look like they’re coming from her unless they know for certain it is from her (like they had a conversation in advance for example).
Dig Deeper
- There’s a great site all about phishing and how to recognize a phishing scam when you see one called phishing.org.
- There’s honestly not much out there about contact list privacy, sadly, but I will say that a tangential privacy concern here is your Facebook friends list (if you have Facebook, of course, which I do not recommend). You should always hide your friends list. There’s a good article about how to do that at MakeTechEasier.
